Sonicwall to graylog

How do I get SonicWall syslog logs into Graylog? What configuration needs to be done in Graylog and SonicWall?

Hey @adiya_v

This explains how to configure SonicWall here.

I would suggest using a port above 1024.
Next, create an input on Graylog, shown here, that matches the same port from SonicWall.

From the documentation I just read about SonicWall, it uses Syslog. I would create that type of input and match the ports between the two devices.
Hope that helps.

I have created a Syslog TCP input in Graylog, specifying port 5516, and done the following configuration in SonicWall:
Configuration for SonicWall firewall:

Navigate to Manage | Log Settings | SYSLOG.
Under the Syslog tab, click on the Add button.
Select the Name or IP address of the Syslog server from the dropdown.
-set server fxyz.abc.com # this is the FQDN of our firewall
-set port 5516
Select syslog format as “Enhanced”
Click OK

But still I am not getting any logs.

@adiya_v

On Graylog, perhaps execute a tcpdump.

Running tcpdump -i ens189 port 5516
is giving me a result.

Can anyone help with this issue?

In SonicWall, you have to configure both the syslog server as well as the individual events you want to be sent via syslog, and it is a very extensive list. Here are some screenshots of my SonicWall config.




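A tcpdump hit on port 5516, as in the thread above, only shows that packets reach the interface; it does not show that the Syslog TCP input accepted them. The following is an added example, not code from any poster: it classifies `tcpdump -nn` text output for that port, and the sample captures, addresses and verdict labels are constructed for illustration.

```python
import re
from collections import Counter

# Constructed captures in `tcpdump -nn` text format; addresses are documentation ranges.
UDP_SENDER = (
    "12:00:01.000101 IP 192.0.2.1.514 > 192.0.2.10.5516: UDP, length 212\n"
    "12:00:02.000347 IP 192.0.2.1.514 > 192.0.2.10.5516: UDP, length 198\n")
TCP_REFUSED = (
    "12:00:01.000101 IP 192.0.2.1.51000 > 192.0.2.10.5516: Flags [S], seq 1, win 64240, length 0\n"
    "12:00:01.000150 IP 192.0.2.10.5516 > 192.0.2.1.51000: Flags [R.], seq 0, ack 2, win 0, length 0\n")
TCP_FILTERED = (
    "12:00:01.000101 IP 192.0.2.1.51000 > 192.0.2.10.5516: Flags [S], seq 1, win 64240, length 0\n"
    "12:00:02.003101 IP 192.0.2.1.51000 > 192.0.2.10.5516: Flags [S], seq 1, win 64240, length 0\n")
TCP_DELIVERED = (
    "12:00:01.000101 IP 192.0.2.1.51000 > 192.0.2.10.5516: Flags [S], seq 1, win 64240, length 0\n"
    "12:00:01.000150 IP 192.0.2.10.5516 > 192.0.2.1.51000: Flags [S.], seq 9, ack 2, win 65160, length 0\n"
    "12:00:01.000400 IP 192.0.2.1.51000 > 192.0.2.10.5516: Flags [P.], seq 2:214, ack 10, win 502, length 212\n")

LINE = re.compile(r"IP6? (\S+) > (\S+): (UDP|Flags \[([^\]]+)\])")

def count_events(capture, port=5516):
    # Tally packet kinds relative to the Graylog input port.
    seen = Counter()
    for m in LINE.finditer(capture):
        src, dst, kind, flags = m.groups()
        inbound = dst.endswith(f".{port}")
        outbound = src.endswith(f".{port}")
        if kind == "UDP":
            seen["udp"] += inbound      # datagrams aimed at the input port
        elif inbound and flags == "S":
            seen["syn"] += 1            # sender tries to open a TCP connection
        elif inbound and "P" in flags:
            seen["data"] += 1           # TCP payload on an established connection
        elif outbound and "R" in flags:
            seen["rst"] += 1            # host rejected the connection
    return seen

def diagnose(capture, port=5516):
    seen = count_events(capture, port)
    if seen["data"]:
        return "tcp-delivered"  # listener accepted data: look at the input and search range in Graylog
    if seen["udp"]:
        return "udp-sender"     # a Syslog TCP input never receives UDP: match the protocol on both ends
    if seen["rst"]:
        return "tcp-refused"    # nothing listening on this port/address: input stopped or bound elsewhere
    if seen["syn"]:
        return "tcp-filtered"   # SYNs unanswered: tcpdump sees packets before the host firewall drops them
    return "no-traffic"
```

To use it on a real capture, save the output of `tcpdump -nn -i ens189 port 5516` to a file and pass its contents to `diagnose`.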